testssl.sh icon indicating copy to clipboard operation
testssl.sh copied to clipboard

Published 20 hours ago verified publisher icon drwetter

Sluggish execution for --server-defaults

Open l4rm4nd opened this issue 2 years ago • 7 comments

Before you open an issue please check which version you are running and whether it is the latest in stable / dev branch I am running version commit 27c77071ebd03ce88c2605b6f42768ff1d55b4bf and testssl.sh 3.2rc2

Command line / docker command to reproduce

testssl.sh -S https://leibniz-gwzo.de/de

Expected behavior Testss.sh returns the results in a reasonable amount of time.

Actual behavior Testssl.sh runs almost infinitely long. Takes multiple minutes. Does not occur for other target urls.

Your system (please complete the following information):

  • OS: Kali GNU/Linux Rolling
  • Platform: Linux 5.19.0-kali2-amd64 x86_64
  • OpenSSL: testssl.sh/bin/openssl.Linux.x86_64 (OpenSSL 1.0.2-bad (1.0.2k-dev))

l4rm4nd avatar Aug 22 '23 14:08 l4rm4nd

Hello @l4rm4nd,

The issue is that this server is configured to use TLS_CHACHA20_POLY1305_SHA256 as its most preferred TLS 1.3 cipher suite.

When running --server-defaults testssl.sh needs to decrypt TLS 1.3 responses, since the certificate sent by the server is encrypted in TLS 1.3. Since the OpenSSL 1.0.2 command line does not support ChaCha20, and also since OpenSSL 1.0.2 does not support TLS 1.3, testssl.sh needs to perform the ChaCha20 decryption using code written in Bash, which is painfully slow.

A simple solution is to use the --openssl= option to specify a different OpenSSL binary that is version 1.1.1 or newer. By doing so, testssl.sh can make use of OpenSSL's TLS 1.3 implementation for some things and OpenSSL's ChaCha20 decryption for others.

Running --server-defaults on leibniz-gwzo.de using OpenSSL 1.0.2 took 1014 seconds. Using OpenSSL 1.1.1 or 3.0.2 it took 51 seconds.

dcooper16 avatar Aug 22 '23 18:08 dcooper16

Hello @l4rm4nd,

The issue is that this server is configured to use TLS_CHACHA20_POLY1305_SHA256 as its most preferred TLS 1.3 cipher suite.

When running --server-defaults testssl.sh needs to decrypt TLS 1.3 responses, since the certificate sent by the server is encrypted in TLS 1.3. Since the OpenSSL 1.0.2 command line does not support ChaCha20, and also since OpenSSL 1.0.2 does not support TLS 1.3, testssl.sh needs to perform the ChaCha20 decryption using code written in Bash, which is painfully slow.

A simple solution is to use the --openssl= option to specify a different OpenSSL binary that is version 1.1.1 or newer. By doing so, testssl.sh can make use of OpenSSL's TLS 1.3 implementation for some things and OpenSSL's ChaCha20 decryption for others.

Running --server-defaults on leibniz-gwzo.de using OpenSSL 1.0.2 took 1014 seconds. Using OpenSSL 1.1.1 or 3.0.2 it took 51 seconds.

Thanks for the quick reply.

I can confirm that the following command, using OpenSSL 3.0.9, is much faster and fixes the issue:

testssl.sh --openssl=/usr/bin/openssl -S https://leibniz-gwzo.de/de

l4rm4nd avatar Aug 22 '23 19:08 l4rm4nd

Hey @dcooper16,

when I use OpenSSL specifically, the RC4 ciphers checks will not work, as those are not enabled for OpenSSL anymore in newer versions. I assume I would have to build OpenSSL manually and enable those in order to test for RC4 with testssl.sh.

Any other ideas, how RC4 may be scanned without building OpenSSL from source?

Thanks in advance!

l4rm4nd avatar Aug 24 '23 15:08 l4rm4nd

Hello @l4rm4nd,

Can you point to a server for which the RC4 checks are not working? The RC4 checks should work even if the OpenSSL you are using does not support RC4, unless you are using the --ssl-native option.

dcooper16 avatar Aug 24 '23 17:08 dcooper16

Hi @dcooper16,

basically the same host:

testssl.sh --rc4 --ip one --fast --openssl=/usr/bin/openssl https://leibniz-gwzo.de/de

In my case, this leads to the following warning:

 RC4 (CVE-2013-2566, CVE-2015-2808)        Local problem: No RC4 Ciphers configured in /opt/tools/ssl/testssl.sh/openssl-3.1.2/apps/openssl

$ /usr/bin/openssl version

OpenSSL 3.0.9 30 May 2023 (Library: OpenSSL 3.0.9 30 May 2023)

l4rm4nd avatar Aug 25 '23 11:08 l4rm4nd

Hi @dcooper16,

basically the same host:

testssl.sh --rc4 --ip one --fast --openssl=/usr/bin/openssl https://leibniz-gwzo.de/de

In my case, this leads to the following warning:

 RC4 (CVE-2013-2566, CVE-2015-2808)        Local problem: No RC4 Ciphers configured in /opt/tools/ssl/testssl.sh/openssl-3.1.2/apps/openssl

$ /usr/bin/openssl version

OpenSSL 3.0.9 30 May 2023 (Library: OpenSSL 3.0.9 30 May 2023)

Ok, removing the --fast CLI parameter works and RC4 is audited.

l4rm4nd avatar Aug 25 '23 11:08 l4rm4nd

Reopening as I believe we can do better, at least for the TLS 1.3 -part, like: if there's a situation we need TLS 1.3 and the supplied binary doesn't support it, check for /usr/bin/openssl.

I created the PR #2384 which can be used as a basis. If anyboady wants to step in (@dcooper16 ?) that would be much appreciated.

drwetter avatar Aug 28 '23 13:08 drwetter